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Foreword 


The Joint Task Force on Safety 


Federal Transit Administration 
Online Resources 





and Security Certification, Office of Safety and Security —_http://www.fta.dot.gov (click on “Safety 
established between the Federal and Security) 
Transit Administration (FTA) National Transit Library: —_http://Awww.fta.dot.gov/ntl/index/htm| 
ae ae eee Planni http:// fta.dot.gov/ntl/planning/index.html 

aor anning ‘/Iwww.fta.dot.gov/ntl/planning/index.htm 
Transportation Association Best Practices http://www. fta.dot.gov/ntl/bestpractices/index.html 
(APTA), prepared this Procurement http://www.fta.dot.gov/ntl/procurement/index.html 
Handbook to support the efforts Policy http://www. fta.dot.gov/ntl/policy/index.html 


of the transit industry to achieve 
continuous improvement in safety and security performance. 


The practice described in this Handbook 1s the result of a year-long research and 
consensus-building mission, that included the review of dozens of industry programs and 
plans; the collection of issue-specific information from transit safety and security 
directors, project managers, contractors, operations personnel, and FTA Regional 
Offices; presentations and working sessions with industry representatives; and requests to 
industry for review and comment on draft materials. 


This Handbook provides a guide for establishing a certification program to address safety 
and security that: 


ae gy’ American Public Transportation Association 
e Identifies the key aa Online Resources 
activities wes 


I f d APTA recently added the “Transit Safety Corner’ — an ongoing source of 
. ncorporates Salety is information on safety issues critical to the public transportation industry—to its 
security more fully into web site. You can access APTA’s Safety Corner at: 
transit projects . . 
http://www.apta.com/services/safety/index.htm 


e Hi ghlights resources The site also offers a Question and Answer section that is available to the 
necessary to devel op industry. The site is designed to address questions that are of concern to a 
. particular agency. The responses are generated automatically to any individual 
and implement a who has requested their name be placed on APTA’s ‘list server.’ The list 
certification program server is made up on individuals from various agencies that have agreed to 
for s afety and se curity become part of this process. If you would like to be placed on the ‘list server 
write to the Safety and Security section at www.apta.com. 


e Provides tools and sample forms to promote implementation of the safety and 
security certification process 


This Handbook is not intended to be prescriptive in nature. Rather, information can be 
tailored to suit the individual needs of transit projects. The transit agencies are 
responsible for determining applicability of these concepts to their own projects or 
developing other workable processes. Differences in methodology may exist among 
transit agencies, as well as among projects within a single transit agency. 
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Organization 


To support implementation of practices that result in the design and construction of 
transit projects that maximize safety and security performance within available resources, 
the Federal Transit Administration (FTA), through its Joint Task Force on Safety and 
Security Certification, has prepared this Handbook. The procedures described in this 
Handbook enable transit management, the project team, and all others involved in the 
project, to address safety and security requirements in a consistent and dedicated 
program, throughout the development process. 


This Handbook is organized in two chapters: 


Chapter 1 — The Basics: Introduces the basic concepts of certification for safety 
and security, and explains why, since its development only a few short decades 
ago, this type of certification has become an integral part of effective project 
management practice. 


Chapter 2 — The Tools: Introduces three tools that support the safety and security 
certification process: 


e Well-defined project scope — to establish applicability of the certification 
program for project elements and to encourage shared vision among the 
project team 


e Safety and Security Certification Plan — to establish roles and 
responsibilities for the certification process and to define key activities 


e I10-step Safety and Security Certification Methodology — to provide a 
consistent process for verifying safety and security requirements 
throughout all phases of project activity 


Chapter 2 also provides sample forms to support implementation of the 
certification program. 


Appendices offer additional information on key topics discussed in the Handbook, 
including: 


Appendix A: Project Life Cycle Definitions 

Appendix B: Useful Safety and Security Certification Resources 

Appendix C: Resource Guide 

Appendix D: Sample Design and Construction Specification Form and Directions 


This Handbook should provide each member of the project team with a basic 
understanding of the certification practice, demonstrating the importance of each 
technical and managerial discipline to the overall safety and security mission. 
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Chapter | 


The Basics 


As used in this Handbook, certification for safety and security 1s defined as: 


the series of processes that collectively verify the safety and security 


readiness of a project for public use. 





While this Handbook emphasizes rail transit projects — including both “new start” 
systems and extensions to existing systems — its principles and practices extend to major 
projects for all modes, including bus transit. 
Depending on project scope and resources, the 
process described in this Handbook should be 
tailored to an appropriate level of specificity, 
determined by the agency. 


Certification, as used in this Handbook, 
addresses conditions that could result in harm — 
whether unintentional (safety) or intentional 
(security). Application of safety and security 
certification promotes an informed management 
decision-making process in project design, 
construction, testing, and initiation into revenue 
service. 





CERTIFICATION AS PART OF SYSTEM SAFETY AND SECURITY 


The system safety and security discipline manages hazards and vulnerabilities throughout 
the life cycle of a project, program, or activity through a committed approach to risk 
management, where: 


> a hazard is a condition or circumstance that could lead to an unplanned 
or undesired event; 


> a vulnerability is a characteristic of the system that increases the 
probability of occurrence of a security incident; and 


> risk is an expression of the impact of an undesired event or security 
incident in terms of severity and likelihood. 
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Certification for safety and security verifies application of this discipline for transit 
projects. Through this process, hazards and vulnerabilities are translated into risks, 
which are then analyzed, assessed, prioritized, and resolved, accepted, or tracked. Figure 
1 presents this process as a continuous loop, providing for validation of decisions and on- 
going evaluation to support further action. This process supports the consideration of 
safety and security objectives during all activities of the dynamic and evolving project 
management process. 


Define Project 


Translate Concept into 
PMP 


Set Expectations 
Prioritize Tasks and 
Allocate Resources 





Final Review 


Final Inspections 
Manage Change Orders 


Certification 


Implement Safe 
and Secure 
Project 





Perform Verification 
Activities 


Perform Conformance 
Reviews 
Start-up Testing 


Analyze Hazards 


Identify and analyze: 
Hazards and 
Vulnerabilities 


Categorize & Prioritize 





Develop/Implement 
Controls 


Identify Standards and 
Requirements 


Identify Controls to Prevent/ 


Mitigate 


Establish Baselines 
Implement Controls 


Integrated Testing 





Figure 1: Safety and Security Core Management Functions 


Certification for safety and security 1s NOT contractual acceptance, defined as: 


an action by an authorized representative of the transit agency by 


which the transit agency assumes full or partial ownership of the 
delivered project as complete or partial performance of a contract. 





Contractual acceptance does not constitute safety and security certification, and safety 
and security certification need not imply acceptance with respect to contract performance. 
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SAFETY AND SECURITY CERTIFICATION BENEFITS 


Many transit agencies self-certify the safety and security of their operations, subsequent 
extensions and safety-significant modifications, prior to the initiation of revenue service. 
This process is typically part of the agency’s existing program for system safety and 
security, and is integrated into major projects through a Safety and Security Certification 
(SSC) Program, documented in a Safety and Security Certification Plan (SSCP). 


In certain instances, transit agencies have received benefits from the SSC during 
engineering and design. SSC activities support analysis that reduces the need for 
expensive retrofitting to correct hazards or vulnerabilities after the system is placed in 
revenue service. Certification also typically supports improved integration of operational 
considerations into project design, which offers the following opportunities: 


Improved functionality of system design 

Promotion of effective and efficient use of resources 

Reduction in work-arounds and change orders during construction 
Reduction in hazards in service and maintenance activities 


In the event that accidents or major security incidents do occur, certification offers the 
following benefits, which may be useful in legal and insurance proceedings: 


e Hazards and vulnerabilities are identified and assessed, and documented action 1s 
taken to resolve identified critical and catastrophic hazards as soon as possible. 


e Appropriate codes, guidelines, and standards are reviewed to provide a basis for 
safety and security consideration 1n the design criteria and specifications, and 
drawings are in conformance with the design criteria. 


e Facilities, systems, and equipment 
are designed, constructed, built, 
inspected, and tested in accordance 
with applicable codes, standards, 
criteria, and specifications. 


e Necessary verification tests, safety 
plans, security plans, operating 
procedures, and rule books are 
developed for operations. 


e Personnel are trained and qualified to 
respond to emergencies, and 
emergency response organizations : | 
are familiar with the transit systems Fig 31 Tyrie eyetion in mein comand 
and its emergency procedures. 
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TRANSIT AGENCY COMMITMENT 


The self-certification that guides each agency’s SSC process reflects that agency’s 
commitment to verify that its operation is free from unacceptable risk. This is a proactive 
approach to safety and security with clear objectives to identify, anticipate, and control 
adverse conditions before they occur. Through SSC, each transit agency typically makes 
a commitment to: 


Develop a policy formalizing management risk acceptance practices 
for activities that affect the safety and security of the operational system 


Identify and document the safety- and security-critical elements that 
comprise the project 


Specify and apply safety and security requirements, consistent with 
approved risk management practices, to these elements, through the use 
of design criteria, design manuals, contract specifications, and safety and 
security analysis 


Implement a dedicated program of hazard and vulnerability analysis 
and tracking, which verifies, for each safety- and security-critical element, 
the identification, evaluation, and resolution of all conditions with the 
potential to result in death, severe injury, multiple injury, system loss, major 
system damage, or major environmental impact 


Implement a dedicated program of review to verify that safety and 
security requirements are included in specifications, test plans, procedures, 
and operational assessments for the project, and coordinated with all 
transit departments that have responsibilities for the project 


Implement a dedicated program of testing and evaluation, to verify that 
safety- and security-critical elements, delivered to the agency, comply with 
contract specifications, and that an acceptable level of operational 
readiness and emergency preparedness exists among the _ transit 
departments and personnel responsible for initiating the project into 
revenue service 


Issue written Certificates of Compliance (COC) for each safety- and 
security-critical element, indicating that it meets established safety and 
security requirements 


Issue Project Safety and Security Certificate, along with a Final 


Verification Report, verifying the project's readiness for safe and secure 
revenue Service. 
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RESPONSIBILITY FOR SSC PROGRAM 


Ultimate responsibility for the development and operation of a safe and secure system 
rests with the transit agency’s executive leadership. The transit agency provides direction 
and guidance for the safety and security certification program. During project 
development, implementation of the SSC program 1s often delegated to the project 
management team, which verifies performance of all certification tasks. 


In existing transit systems, certification for safety and security is often managed by the 
safety and/or security manager (Certification Manager). For agencies with New Start 
projects, the staggered approach required to support project development brings many 
different participants with varying levels of responsibility over a period of several years. 
In this environment, the SSC program should provide a consistent focus on safety and 
security for all activities. This Handbook also uses the term “Certification Manager” to 
address the range of personnel who may manage this process. 


COMMITTEE INVOLVEMENT 


Several safety and security committees, including the following, may support the SSC 
program. In a transit agency, the functions described below may be combined, or may be 
performed by individuals rather than committees. 


Safety and Security Review Committee (SRC): Many transit agencies have found it 
beneficial to create a Safety and Security Review Committee -- or equivalent multi- 
disciplinary group -- to oversee the conduct of safety and security efforts for the project, 
directly accountable to the transit agency’s executive leadership. The SRC is typically 
chaired by a full-time System Safety and/or Security Manager or the Certification 
Manager. The SRC is typically comprised of senior management personnel, or their 
designees, who represent the major project areas and activities. The SRC oversees the 
SSC program and directs resolution of identified hazards. The SRC discusses ongoing 
safety and security concerns; reviews and approves certification activities; and resolves 
issues among the project team and with the agency’s executive leadership. 


Fire-Life Safety Committee (FLSC). This Committee is to serve as a liaison between the 
transit agency, fire jurisdictions, and emergency response agencies. The FLSC may be 
comprised of local and state fire jurisdictions, local emergency response agencies, transit 
operations, safety, security, construction and design managers, along with transit 
management staff and the general design consultant. The FLSC reviews standards and 
safety-related designs and tests to verify fire-life safety code and regulation compliance. 
In addition, the FLSC addresses preparedness issues and reviews variances. 


System Change and Operations Review Committee (SCORC). This Committee’s 
responsibilities include planning and coordinating operational training, simulating 
revenue service conditions, and developing pre-revenue plans, rules, and procedures for 
revenue service. Prior to revenue service, the SCORC reviews procedures, manuals, and 
other documents that form the basis for certifying compliance to safety and security 
requirements for systems and fixed facilities. The SCORC may also be responsible for 
review and concurrence of proposed changes and/or revisions to the project design. 
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APPLICATION OF THE PROJECT LIFE CYCLE 


Many transit agencies use a standard life cycle framework to manage transit projects, 
such as the one shown in Figure 2 below. This life cycle defines the events, procedures 
and tasks that take place within the project. Each life cycle phase may conclude with a 
review, enabling management evaluation. Appendix A provides a brief description of 
activities typically performed in each life cycle phase. 


Advancement through this process is based on a project's readiness to progress to 
subsequent phases. Transition from one life cycle phase to the next phase constitutes a 
MILESTONE CONTROL for all major project elements, including safety and security. 







PRELIMINARY 
ENGINEERING MILESTONE 


CONSTRUCTION 


INTEGRATED 
TESTING 


CONTROL 







PRE-REVENUE (INTERIM) 
OPERATIONS 


OPERATIONS 


Figure 2: Typical Transit Project Life Cycle 
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SAMPLE ACTIVITIES 


A sample listing of typical activities performed during the certification process 1s 
presented in Figure 3, below. Figure 3 categorizes key activities for each of the project 
life cycle phases: 


PLN — Planning 

PE — Preliminary Engineering 

FD — Final Design 

CON — Construction 

INT-TEST — Integrated Testing 

PRE-REV — Pre-revenue (Interim) Operations 
OPS — Operations 


Checks (“) indicate the initiation of the activity, and shaded arrows (>>) indicate ongoing 
performance. 


In managing these activities, Certification Managers typically work closely with the 
project team to address the following: 


e Roles and responsibilities for safety and security (at all levels of the organization) 
e Required resources and project schedule for safety and security activities 


e Procedures and programs to ensure safety and security integration into design, 
construction, testing and acceptance, and start-up activities 


e The process for the identification and effective communication of safety hazards 
and security vulnerabilities associated with the operational phase of the transit 
project 


e The process for sound decision-making which integrates the results of system 
safety and security activities into the requirements and specifications for the 
project 


Figure 3 is a representative sample only. The scope of each project should be considered 
to determine the tasks that are appropriate. 


= = 


PENEED Safety and mecunty Policy aa 


sien SSC Response Cf fom fo [me 


| Establish Safety and Security Committees [| V | | 
Identify Existing Safety and Security Cocca 
Requirements for Acquisition Process 
Develop Safety and Security Certification |e [im | ome fee [ove | ove 
Identify Safety and Security Certifiable tenn tean 7 || + [fi [ove 
Elements & Items 


Initiate [Initiate Project Documentation System ect = een System 
fcgemee [| ~ [om oo 
Vulnerability Analysis 
| Prepare Safety and Security Design Criteria | |__| 
Integrate Operations and Maintenance 
cece [ [mel 
aaa aI 
Checklists 
Semanal 1 Te Nenana 
Peseta MANIC) 
Analyses (as applicable) 
Fest a ICICI 
Resolution and Tracking 
Boo 
Checklists pre. 


INT- 
TEST 
PRE- 
REV 


Identify Safety and Security Requirements 
for Test Program Plans, Integrated Testing 
and Operational Readiness 

Develop Specification Conformance 
Checklists (Construction) 


Complete Specification Conformance 
Checklists 
Issue Permits and Certificates ee applicable) tt 


|Complete Integrated Tests == sd Integrated Tests 
Safety and Security Review of Engineering 
eee ttt 
feesusanitanng | | ||| | 
Procedures and Training 
faction ||| TTL J 
(including work-arounds) 
Issue Final Safety and Security Certification | | 


Issue Final Safety and Security Verification mamEa 
Report 


Figure 3: Project Development Safety and Security Activities 





PROJECT TEAM SUPPORT FOR THE SSC 
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Each member of the project team has a role in safety and security certification. While the 
Certification Manager has primary responsibility for SSC management, the tasks required 
to perform the SSC include many functional disciplines on the project team. As indicated 
in Figure 4 below, the Certification Manager should support a coordinated effort that 
brings the capabilities and resources of the design team, the construction team, the 
acceptance and testing team, and the activation team to the performance of SSC 
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Figure 4: Contributions of Project Team to SSC 























-Final Safety Certification / 





Page 10 
MANAGING DOCUMENTATION 


To manage the SSC program, a documentation system is strongly recommended. This 
system may contain documents pertaining to the certification process. The project filing 
system may fulfill this requirement, or may be supported by an additional system. 


In general, safety and security certification documentation should be maintained for the 
life of the agency. Security information and other sensitive information should be 
protected using agency policies and procedures. 


An important part of the safety certification process 1s keeping transit management 
informed of the status of the program. To ensure that executive leadership 1s informed, 
periodic reports are prepared. The reporting period may change from time to time, 
dependent upon activity levels and project priorities. 


SAFETY AUDIT PROGRAM 
tech Tip 
Throughout the verification effort, audits should be conducted on a 
periodic basis, by a management team independent of the program. 
Audits should verify that all participants in the design conformance 
and testing/acceptance processes are reviewing compliance with 
safety and security requirements and appropriately documenting this 





conformance. Other activities to be assessed include the following: Linked 
worksheets, 
e The status of each safety task SHE pene: 
; database, can 
e Compliance with program milestones and safety program raduicadocunient 
milestones preparation time 
e Schedule incompatibilities that require remedial corrective and promote 
action consistency from 


project phase to 


e Action to track and implement positive corrective actions project phase. 


where deficiencies are revealed 
e Project team activity to support the SSC program 
e Configuration management 
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Chapter 2 
The Tools 


SCOPE OF THE SSC PROGRAM 


The SSC program typically encompasses the equipment, operating and maintenance 
plans, facilities, and procedures for the following three categories: 


e Systemwide Elements — may include the passenger vehicles, catenary, traction | 
power, train control system, voice and data communications, CCTV, grade 
crossing and traffic control system, intrusion detection system, traction power 
substations, central instrument houses, track, fare collection, supervisory 
control, fire protection and suppression systems, and auxiliary vehicles and 
equipment. 


Fixed Facilities — may include stations and shelter stops, pedestrian bridges, 
yard and shop, structures, and the control center. Equipment installed in 
stations or shelter stops such as HVAC, escalators, elevators is also considered 
part of the facility. 


Plans, Procedures, and Training — may include items such as emergency 
preparedness plans, security plans and procedures, training programs, rule 
books, and standard operating procedures. 





When properly scoped, the SSC program will: 


e Develop, document, and communicate safety and security criteria to guide design, 
engineering, and specification for the transit project 


e Identify safety and security critical issues and develop practical and cost-effective 
requirements to support their resolution 


e Use hazard and vulnerability analysis to evaluate the impacts of all deviations 
introduced into the system in the form of engineering change proposals, 
construction change orders, work-arounds and other temporary measures prior to 
the initiation of revenue service 


e Develop management mechanisms to track and control the incorporation of safety 
and security into the transit project. 
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SAFETY AND SECURITY CERTIFICATION PLAN 


The Safety and Security Certification Plan is a basic tool used by the transit organization 
to assist in managing an effective certification program. The SSCP provides the formal 
basis of understanding and agreement among all members of the project team regarding 
how the program will be executed. The SSCP typically describes the process through 
which the transit agency activity will provide documented verification that: 


e A certifiable elements list 1s developed 


e Safety and security design criteria are developed to identify concerns 
appropriate for the project 


e A design checklist 1s developed and completed to verify compliance of 
contract specifications with the safety and security criteria 


e Construction checklists are developed and completed to verify that facilities 
and systems are constructed, manufactured or installed according to design 


e Integrated tests are identified that need to be monitored for safety and security 


e Training classes are provided to transit operations and maintenance staff that 
address safety, security, and emergency preparedness 


e Operations and maintenance manuals are provided to, or developed by, transit 
operations and maintenance staff 


e Operations and maintenance staff are trained on rules and procedures. 


e Public safety personnel (1.e., fire and police) are trained to manage their 
activities safely in the transit environment 


e Emergency drills are conducted for identified transit emergencies that may 
occur on the project 


e Hazard and vulnerability identification and resolution are performed with 
tracking for resolution and/or acceptance throughout the project 


e The “Certificate of Safety and Security” is issued to verify that the transit 
project is safe and secure for revenue service 


e The Safety Certification Verification Report is prepared, and transmitted, as 
appropriate to management and oversight personnel 


e The transit project successfully complies with identified safety and security 
requirements. 
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A typical Table of Contents for the SSCP follows: 


SSCP SAMPLE TABLE OF CONTENTS 


Section 1: Introduction 


Authority 

Introduction 

Purpose 

Objectives 

Definition 
Responsibility 

Scope 

Certification Revisions 


Section 2: Program Management 


Project Team 

Safety and Security Review 
Committee 

Fire/Life Safety Committee 
System Change and Operations 
Review Committee 


Section 3: Certification Process and 


Procedures 
e General 
e Certifiable Elements 
e Criteria Conformance Checklist 
e Specification Conformance and 


Operational Readiness Checklists 
Tests & Inspections 

Integrated Testing and Integrated 
Test Permit 


e Plans and Procedures 
e Training Programs 
e Emergency Drills 


Section 4: Hazard and Vulnerability 
Management 


e General 

e Responsibility 

e Hazard Identification and 
Analysis 

® Threat and Vulnerability 
Assessment 

® Resolution Process 

@ Open Items List 


Section 5: Certificate of Conformance 


e Issuance 
e Exceptions 


Section 6: Documentation 


e Requirements 
e Responsibilities 


Section 7: Reporting Requirements 


e Periodic Reports 
e Final Certification 
e Final Verification Report 
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STEPS IN THE SSC METHODOLOGY 


The remainder of this Handbook explains the SSC methodology, providing a brief a description 
of each step, and presenting sample forms to support the certification process. Appendices B and 
C provide additional references for further information on certification activities. Appendix D 
provides a sample Design and Construction Specification Form and directions for completion. 


Safety and Security 
Certification 





STEP-by-STEP 


The following steps typically comprise the SSC methodology: 


Step |: 
Step 2: 
Step 3: 
Step 4: 
Step 5: 
Step 6: 
Step 7: 
Step 8: 
Step 9: 
Step 10: 


Identify Certifiable Elements 

Develop Safety and Security Design Criteria 

Develop and Complete Design Criteria Conformance Checklist 
Perform Construction Specification Conformance 

Identify Additional Safety and Security Test Requirements 
Perform Testing and Validation in Support of the SSC Program 
Manage Integrated Tests for the SSC Program 

Manage “Open Items” in the SSC Program 

Verify Operational Readiness 

Conduct Final Determination of Project Readiness and Issue Safety and 
Security Certification 
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STEP 1: Identify Certifiable Elements 


The first step in the SSC methodology is to identify the elements that need to be certified for the 
transit project. Safety certifiable elements include all project elements that can affect the safety 
and security of transit agency passengers, employees, contractors, emergency responders, or the 
general public. These elements define the scope of the project’s certification program. Prior to 
the initiation of revenue service, a Certificate of Compliance will need to be issued for each 
identified element. 


Certifiable elements are composed of numerous items. These items make up the whole of the 
major element and require individual safety and security verification before the major element 1s 
verified as safe and secure for use. The listing of these items for a major element 1s typically 
referred to as a Certifiable Item List (CIL). 


The process of “breaking down” certifiable elements into CILs typically occurs simultaneously 
with the project team’s engineering effort. As depicted in Figure 5, the engineering breakdown 
structure supports identification of CILs for each certifiable element — particularly for complex 
systems (train control upgrades, new vehicles) and projects with a significant emphasis on 
integration into an existing operation. 


Specific certifiable items on the list are dependent on the particular element. In addition, listing 
of a certifiable item may need to be duplicated a number of times within a certifiable element. 
For example, each light rail vehicle requires individual verification, and each is tracked as a sub- 











(TOTAL SYSTEM ) 


Subsystem 2 ¢ Subsystem 3 é 





duplicate certifiable 
items for train signals, 
traction power, track, 
and other elements. 
Each element may 
also be divided into 
sub-elements 
equivalent to a 


element of the 
Subsystem 1 ¢ 


element “Light Rail 
Vehicle.” Similarly, 
there are a number of 
1c 






particular section of 
the alignment of the 
light rail system being 
verified. 





1c.3 


Component 
Component 
1¢.3.2 


Component 
1c.3.3 
Part 1.c.3.3.a 
ZS ee 


1 
Subassembly 
1c. 
Subassembly 









Figure 5: Engineering Breakdown Structure 
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Figure 6 presents major groupings of certifiable elements and sub-elements for a rail transit 
project. This is a sample listing provided for illustrative purposes only. Each agency must 
determine those elements requiring safety and security certification based on its own policies and 
the scope of the project. 


SAMPLE CERIFIABLE ELEMENTS AND SUB-ELEMENTS LIST 


SYSTEMS 


VEHICLE 


Carbody 

Coupler 

Doors, Door Operators and Controls 
Trucks and Suspension 

Propulsion 

Braking 

Operator’s Cab and Controls 
Communication Equipment 
Mobility Lift 

Lighting 

HVAC 

Fire/Flammability/Smoke Emissions 


SIGNALS 


Interlocking Circuits/Equipment 
Mainline Controls and Indications 
Grade Crossing Warning Devices 
Yard/Mainline Interface 

Track Signals 

LRT Signals 

Signal Indications 

Train Protection 


COMMUNICATIONS 


Radio System 

Operations Control Center 
SCADA 

Fire Department Communications 
Security Communications 
Security Systems 

Fire Systems 

Public Address Systems 


TRACTION POWER SYSTEMS 


Enclosures 

High Voltage Switchgear 
AC to DC Conversion 
DC Switchgear 

Batteries and Accessories 
Catenary 

Stray Current Protection 


CIVIL INSTALLATIONS 


TRACK AND STRUCTURES 


Right of Way 

Track 

Aerial 

At-grade 
Underground 

Barriers and Warnings 


YARD AND SHOP 


Electrical Safety Provisions 
Vehicle Movement Provisions 
Track and Appliances 
Building (Occupancy) 

Fire System 

Lifts/Elevator 


STATIONS/PARKING LOTS 


Platforms 

Handicapped Access Provisions 
Elevators and Escalators 
Illumination 

Electrical Grounding 


SIGNAGE 
PROCURED ITEMS 


TRAFFIC SIGNAL CONTROLLERS 
MOBILITY IMPAIRED LIFTS 
TRACTION POWER SUBSTATIONS 
TICKET VENDING EQUIPMENT 


PLANS, PROCEDURES AND TRAINING 


TEST PLANS 


e Acceptance Tests 
e Integrated Tests 
e Pre-Revenue Tests 


OPERATING AND MAINTENANCE PROGRAM 
= Standard Operating Procedures (SOPs) 
=» Emergency Operating Procedures (EOPs) 
=» Manuals and Rulebooks 
» Training and Certification (if applicable) 
Local Responder Training 
Emergency Preparedness 





Figure 6: Sample Certifiable Elements and Sub-elements List 
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Figure 7 illustrates how certifiable elements are addressed in the project. At each stage of the 
process, for each certifiable element, conformance with project safety and security requirements 
is verified; certified through issuance of certificates prior to revenue service; and documented in 
a Final Verification Report. 


Certifiable 


Element 








PROJECT PERFORMANCE 






























onstruction 
Specification 
onformance 


Testing, 
Inspection 
Conformance 


Rules and 
Procedures 
onformance 







Design Criteria 
Conformance 


raining and 
Exercises 
onformance 


Risk Resolution 
Conformance 









CERTIFICATE OF CONFORMANCE FOR EACH 


CERTIFIABLE ELEMENT 





PROJECT SAFETY AND SECURITY CERTIFICATE 





FINAL 
VERIFICATION 
REPORT 


eee” 








Figure 7: Certifiable Elements and the Certification Process 
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STEP 2: Develop Safety and Security Design Criteria 


Design is an iterative process. Safety and security are addressed during project design through 
identification of safety and security design criteria for each certifiable element. Safety and 
security design criteria are intended to provide guidance to the design team to support the 
definition of systems, sub-systems and components, the development of performance 
requirements, and the final specification of the engineered system. 
Whenever possible, reference to their identification and 
documentation should be included in the procurement package for 
design services. 


As indicated in Figure 8 below, safety and security design DESIGN 
criteria are often generated from: 


PROCESS 


The technical specifications from previous contracts 
Existing agency design and performance criteria 

Transit agency “lessons learned” from operating experience 
The results of hazard and vulnerability analysis 

Transit industry safety and security practice and reports 
Applicable safety and security codes, standards, and regulations defined by Federal, state 
and local agencies and standards boards and organizations 





a SS 

















Experience > 











|__p Criteria —___________» 
Constraints > 


























Standards and codes 
e MILSTDS/ 

e Comrercial stds 
e ANSI STDS 

e ASTMSTDS 





NFPA Codes 
BOCA 
PROJECT Guidelines 


EVALUATION 


















































Project material x Resources 
selection available 
-—» ¢ Dollars i» 
e People 
e Time 
Emergency a 
planning 





Figure 8: Safety and Security Specification Development Inputs 
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Safety and security design criteria may be consolidated into a single manual or list for the 
project, or referenced as part of project development for each certifiable element. A 


representative process for incorporating these criteria into the project design process 1s illustrated 
graphically in Figure 9 below: 







































































































































Project Definition 
and General 
Requirements DESIGN 
(Alterntatives 
Analysis) 
| A 
Identification of 
Preliminary Project Safety and Security SAFETY AND Sse 
Description and Codes, Standards, SECURITY kad act 5 
Component Requirements | 5) DESIGN sel eila - 
Identification CRITERIA ean 
a a. ee 
» Prliminary Hazard Vv Design 
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Design Reviews 




















Figure 9: Safety and Security Design Criteria and Project Specification 


RESOURCES: FTA’s Hazard Analysis Guidelines for Transit Projects and APTA’s Manual 
for the Development of Rail Transit System Security Program Plans both provide additional 
information on the role and management of analysis in project design. These documents 
are available for download on FTA’s web site: www.fta.dot.gov (click on “Safety and 
Security”) and APTA’s web site: www.apta.com. 


Appendices B and C also contain useful references and sample codes for development of safety 
and security design criteria. 
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STEP 3: Develop and Complete Design Criteria Conformance Checklist 


During design, the project team may begin identifying criteria requirements for certifiable 
elements and items. This process involves the creation of a checklist for each certifiable element 
to record requirements generated from safety and security design criteria. These checklists — 
referred to as Design Criteria Conformance Checklists — provide a format to verify compliance 
with identified safety and security requirements. 


In the certification process, contract specifications, design criteria, applicable codes, and industry 
standards may constitute this verification. For example, some of the requirements in contract 
specifications may be used as verification, such as maintenance manuals, subsystem hazard 
analysis, and factory test reports. Other requirements may not take the form of specific 
deliverable documents, but require verification. 


Following initial development, the Design Criteria Conformance Checklist is submitted to the 
appropriate personnel for review and comment. A sample Design Criteria Conformance 
Checklist is provided in Figure 10. 


During development of these checklists, 1t may also be necessary for the project team to 
reference safety and security requirements for use in design reviews and during inspections or 
tests. Identification of these activities provides an opportunity for the entire project team to 
assess the status of the SSC program through the following activities: 


¢ Briefings on major safety and security program milestones, including hazard 
identification and analysis, vulnerability assessments, required test, inspections and 
procedures, and special issues not yet resolved 


¢ Identification of subsystem, component, and software safety activities as well as 
integrated system level activities (1.e., design analyses, tests, and demonstrations) 
applicable to the SSC program but specified as tasks for which other transit agency or 
contractor personnel or functions are responsible 


¢ Delivery of reports and analyses documenting the consequences of specific project 
decisions for safety and security levels, including recommendations 


¢ Identification or presentation of evaluation results relating to requests for deviation from 
approved baseline designs, procedures, or practices 


¢ Scheduling coordination and group priority setting for safety activities to be addressed in 
the next project phase 


¢ Status of compliance with identified regulations. 
Finally, during this phase of the safety certification process, it is important to identify the process 


to be used for the management and tracking of “open items.” The term “open items” refers to 
items that have not been verified for conformance with design requirements, as well as 
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unresolved safety or security issues. As the project proceeds through design to construction to 
start-up, reviews are often performed to verify that change proposals and deviations from the 
approved baseline design do not degrade the level of safety and security of the system to 
unacceptable levels. “Open items” are often addressed during these reviews. 


Design Verification for Safety and Security Certifiable Items 


Element: Page of 
Sub-Element: Prepared by: 
Revision: Date: 


Contract Number: 


Status Means of Verification - Design 
C = Compliance S = Submittal 
N = Noncompliance D = Design 


P = Partial Compliance 


No. | _____ References Verification 

q Status | Initial | Date | 
Lo! ae (ee a 
2d re a a 
Ld a a ee 
Sd a ee 





NOTES/EXCEPTIONS: 


Figure 10: Design Criteria Conformance Checklist 
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STEP 4: Perform Construction Specification Conformance 


The construction specification conformance process is used to verify that the as-built facilities 
and systems incorporate the safety and security-related requirements identified in the 
specifications and other contract documents, including approved changes since the final design. 


This checklist should be viewed as the “other half” of the Design Criteria Conformance 
Checklist, because it (1) identifies the tests and verification methods necessary to ensure that the 
as-built configuration contains the safety-related requirements identified in the applicable 
specifications and other contract documents, and (2) provides documentation that the delivered 
project meets these requirements. The Specification Conformance Checklist 1s the “work horse” 
of the SSC process. 


Once the checklist format is completed, verified checklists are forwarded to appropriate staff for 
review and comment. Documentation supporting verification of the safety requirement should be 
available for review by the project team. For facilities and systems, certifications, inspector 
reports, job photos, or other evidence may be submitted as documentation. Any contractor 
submittal used for verification needs to be approved, typically by the resident engineer. 


Safety and security requirements not verified by available documentation or demonstration 
should be tracked to resolution. As mentioned in Step 3, the management or resolution of open 
items should result through project team’s use of the Specification Conformance Checklist. This 
checklist provides those responsible for decision-making a tool to review the status of open items 
resulting from deviations to the approved design, work-arounds, change orders, and other 
temporary measures. 


Three Specification Conformance Checklists, (two with sample entries), are presented below. 
Figure 11 identifies an excerpt from a specification checklist to demonstrate the types of issues 
typically encountered for an at-grade light rail station. Figure 12 provides sample documentation 
of non-compliance regarding safety and security requirements for right-of-way signage. Figure 
13 provides a sample checklist that can be used to document both design and construction 
conformance. Directions for completing this form are provided in Appendix D. This type of 
checklist is easily incorporated into an automated information system, to support SSC program 
tracking and documentation requirements. 


Some transit agencies may choose to compile supporting verification documentation for each 
certifiable element in separate notebooks. Some guidelines that may be used in the verification 
process include the following: 


1. Use documentation that directly and succinctly verifies the safety and/or security 
requirement 

2. Exclude irrelevant or redundant information 

For large contract submittals, include representative information only 

4. Highlight specific detail from approved contractor submittals and other verification 
documentation to aid the review process 


oS) 


Contract # C-60 


Certifiable Element: E-1 Subsystem: Station / At-Grade 


Compliance: 
sl aa As-Built 
# 


Safety 
Requirement 


Construction 
Material 
(Type | or II) 


Electrical 
Requirements 
- General 


Identification of 
Breakers 


Passenger Egress 


Passenger Access 


Emergency 
Lighting 


Automatic Fire 
Detection 


Emergency 
Communication 


Standard/ 
Source 


NFPA 130/2-2, 
UFC-Chap. 6, 
Design Criteria 
Manual, Chap. 8 


NFPA 70, 

NFPA 130/2-4.1, 
Design Criteria 
Manual 28 


Design Criteria 
Manual 28.7.2, 
NFPA 70 


NFPA 130/2-5 


| and 


Appendix C 


| Design Criteria 
| Manual 19.2.2 


Design Criteria 
Manual 26.5.4, 
NFPA 130/2-6 


Design Criteria 
Manual 27.4, 
NFPA 130/2-7.1.5 


NFPA 130/2-7.2: 
3.15 
and 8-7 


Specs 03462, 05130, 
05300, 07410 


Specs 16001, 16030, 
16111, 16120, 16130, 
16490, 16450, 16470, 
16500, EC1-0003- 
0005, pgs 659-661 


Specs 16040, 16470 


| EC1-0003-0005, pgs 
| 659-661 


Dwg AC2-0004, pg 
985 


Dwg AC2-0004, pg 
585 


Dwg AC2-0004, pg 
985 


AC2-0005-0007, pgs | X 
086-588; 

EC2-0003-0005, pgs 
659-661 
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Means of 
Verification/ 
Remarks 


Visual Verification 


Visual Verification 


Visual Verification 


Visual Verification 


Visual Verification 





Pay phones need to 
be connected for 
emergency 
communication 
devices. Both 
phones working 
9/21/01 — Close. 


Figure 11: Sample Specification Conformance Checklist 
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Certifiable Element: E-4 Light Rail Transit 


Contract: Contract-01 ‘ 
Revision Date: 03-27-2002 LRT Buildout Phase 1 


Prepared By: Joe Safety Safety/Security Certification Checklist 





Subsystem: Trainway - Surface Design Phase Construction / 
Certified — 8/24/00 Installation / Test 
SSCRT Certified 


Status Remarks Status 


Safety Standard | Compliance, 





Requirement |/Source | Specifications, (Date 
. ” ig 
or Drawings 2 Verified) 
1 ROW Safety / | NFPA Conformed Spec X 
Warning 130/3-1.3 | 2847, 
Signage Conformed 
Dwg(s) RC9- 
4001 to 4007 
pp. 93-99 





Figure 12: Sample Specification Conformance Checklist with Non-compliance 
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Status Means of Verification - Design Means of Verification - Construction 
C = Compliance S = Submittal M = Measurement 

N = Noncompliance D = Design T = Test 

P = Partial Compliance V = Visual Inspection 


NOTES OR RESTRICTIONS: 





Description | Design Design Verification ~ Construction Verification 
Cross Means of Status | Initial | Date | Means of 
Reference Verification Verification 
|g 


FINAL DESIGN VERIFICATION FINAL CONSTRUCTION VERIFICATION 
Name and Organization: Name and Organization: 

Date: Date: 

Approved By: Approved By: 

Date: Date: 





Figu 
re 13: Sample Design and Construction Conformance Checklist with Directions 
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STEP 5: Identify Additional Safety and Security Test Requirements 


Contractor and integrated testing requirements should be reviewed for safety and security 
considerations. Contractor testing, as required by the contract specifications, verifies the 
functionality of the involved system or equipment. Integrated testing verifies the functional 
interface between different equipment or systems. Both contractor and integrated testing are 
subject to certification. Certification of contractor testing may be verified in the Specification 
Conformance Checklist, or combined with integrated testing in a test program certification or by 
other acceptable means. 


The need for additional tests, however, may arise for various reasons throughout the project. To 
request and record the performance of additional tests, the project team may prepare a formal 
Test Description Sheet and submit it to the appropriate organizational unit managing the Test 
Program Plan. A sample Test Description Sheet follows: 


REQUIRED SAFETY AND SECURITY 
TEST DESCRIPTION SHEET 
Test Name: 
Test Procedure: 


Contracts Involved: 


Test Objectives: 


Test Description: 


Test Prerequisites: 


"oO -, 


Resources 
Required 


Time Required: 


Figure 14: Required Test Description Sheet 
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STEP 6: Perform Testing and Validation in Support of the SSC Program 


From the initial stages of the construction development phase, test reports and other 
documentation will be submitted to the agency as a result of Design Qualification Tests 
(Factory); Production Verification Tests (Factory); Construction Inspection Tests; and 
Installation Verification Tests (QA/QC). Safety/security-related test results should be 
documented, as appropriate, in the Specification Conformance Checklist. 


Appropriate documentation supporting verification of the safety and security requirements 
should be submitted or available for review by the project team with its location clearly 
identified. The SSC should identify responsibilities for control and lifecycle of all certification 
documentation. Those personnel responsible for safety and security certification should work 
closely with all involved in this process to achieve full access to the testing and results. This 
process is illustrated below: 











Prepare Test Plans and 
Procedures (Include Emergency 
Procedures) 







Identify 
Test 

Requireme 

nts 


Review 
Test Plans 
and 
Procedures 













Develop 
Testing 
Sequence 













s Procedure 
Acceptable? 










Prepare 
Test 
Schedule 
















Modify 
Equipment 


Perform 
and 
Document 
Tests 


as Procedure 
De ficie nt? 


Review and 
Evaluate 
Data 







Analyze 
Cause or 
Failure 






Was Test 
Acceptable? 











Complete 
and Close- 
out Test 


Figure 15: Test Program Planning Process 
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STEP 7: Manage Integrated Tests for the SSC Program 


Integrated tests are any tests or series of tests, which require the interface of more than one 
element and are designed to verify the integration and compatibility between system elements. 
Pre-operations tests are those tests that require acceptance of all systems and are designed to 
verify the functional capability and readiness of the system as a whole. These tests are not 
necessarily required by contract specification, but are required as part of the test program plan to 
ensure that all systems are functioning safely prior to the system being placed into operation. 
Test result reports form the basis for meeting the safety requirements. 


Prior to developing a plan for integrated testing, transit agencies typically assess both the scope 
of the project related to existing or planned operations and the initial safety and security 
requirements. In specifying the tests, transit agencies often identify a minimum level of safety 
and security conformance that should be met, as well as the measurables used to assess this 
conformance. This minimum level varies from project to project, and 1s dependent upon the 
level of integration and the nature of the tests to be performed. It 1s important to note that transit 
agencies should review test procedures, themselves, for potential hazards. The transit agency 
may also want to develop emergency plans to prepare for a potential critical or catastrophic test 
failure. 


The transit agency may assign a “System Integration Manager” or equivalent personnel to be 
responsible for test management. This manager is often supported in test planning, test procedure 
development and test performance by Operations, Maintenance and the Safety and Security 
Review Committee. The organizational group designated to manage start-up activities also 
receives support from these groups in scheduling facility access and arranging for human 
resources to conduct and witness the test. 


Copies of all applicable tests and inspection reports should become part, of or be referenced in, 
the formal SSC files. A sample integrated test description sheet 1s provided below. 
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SYSTEM INTEGRATION TESTING 
TEST DESCRIPTION SHEET 


Test Name: LRV Clearance Test 
Test Procedure: SI - 101 
Contracts Involved: C9510 - Civil, Track and Landscaping 


C540 - Stations and Park and Ride 
9910 - OCS and LRT Signal System 


Test Objectives: Verify that there is adequate clearance between the LRV and 
the equipment and facilities along the mainline. 


Test Description: Tow a vehicle, equipped with foam extenders to represent the 
Dynamic envelope, over the mainline right-of-way with the 
pantograph retracted. Confirm clearances are as specified. 
Test will be repeated when Low Floor Vehicles are available. 


Test Prerequisites: Equipment and facilities installed along mainline right-of-way. 


Personnel: Test Coordinator 
Test Controller 
Rail Activation 
Maintenance Engineering 
CM Representative 
Vehicle Operator 


Equipment: Hi-Rail Vehicle Mover 
Light Rail Vehicle 
LRV Foam Extenders 
Measuring Tape 
Radios (4) 


Facilities: Both mainline tracks 


Time Required: 8 to 12 hours 


Figure 16: Sample Integrated Testing Sheet 
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STEP 8: Manage “Open Items” in the SSC Program 


As the certification proceeds, open items will be identified and will need to be managed. 
During pre-revenue testing and start-up activities, requests for work-arounds and 
temporary permits of occupancy/notices will be made. The SSC program must have the 
tools available to ensure that the safety and security designed into the system are realized 
in the delivered, tested, and validated project. 


A Safety Critical Items List (SCIL) can be used to track the status and/or resolution of 
those open items identified with the potential to result in harm. Depending on definitions 
used for the project, these 1tems may represent catastrophic and critical hazards and 
vulnerabilities, defined as Category I and Category II hazards using Checklist Number 7 
of the American Public Transportation Association’s Manual for the Development of Rail 
Transit System Safety Program Plans and also referenced in the FTA Hazard Analysis 
Guidelines. Category I and II hazards may require additional analysis to be performed to 
ensure that mitigation measures adopted to eliminate or minimize their risk will be 
effective in doing so before revenue operations can commence. 


The SCIL, or other log, can also support tracking of exceptions or restrictions in those 
situations when a safety certifiable element/item cannot meet design specification with 
the initiation of revenue service. These exceptions must be accompanied by acceptable 
operational work-arounds, if the item 1s critical for the commencement of revenue 
operations. The work-arounds should proscribe operational policies and procedures that 
ensure safe system operations, even though certification requirements are not completed. 
It is important that safety, security, and operations representatives and the project 
manager are equally aware of the accepted measures and the item 1s tracked to resolution 
(it should be noted that in some cases accepted measures may be permanent). The figure 
below presents a sample close-out report for significant items. 


STATUS REPORT FOR CLOSE-OUT 


Item No. System Sub-system: Reference 
Element: Information: 


Description of Condition: Required Controls: 


Status: Responsibility: Approved: 


_ oe 


Figure 17: Sample Close-out Report 
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STEP 9: Verify Operational Readiness 
Operational readiness includes activities to verify the following: 


e Applicable operations, maintenance, and emergency rules, procedures, and plans 
have been developed, reviewed, and implemented 


e Manuals, showing how to operate and maintain systems equipment and facilities, 
have been developed, reviewed, approved, and accepted by the project team 


e Safety/security-related training for operations and maintenance personnel has 
been developed, performed, and successfully completed by all personnel as 
required 


e Emergency training has been developed, performed, and successfully completed 
by all personnel as required, including public safety personnel (if appropriate) 


e Emergency drills and training have been conducted with outside agencies 
o To familiarize and train response personnel 1n emergency procedures 
o To evaluate response procedures 
o To identify improvements to response procedures before a real emergency 
occurs 
o To maintain an adequate level of preparation for a possible emergency. 


During the pre-operations phase of the system, the procedures and plans are tested for 
effectiveness under simulated operating conditions for normal, abnormal, and emergency 
situations. Verification for these activities often includes signatures by the appropriate 
officials or employees on all procedures, rulebooks, and training necessary to support 
operation and maintenance of the system. The operating and maintenance procedures and 
plans are judged as meeting the verification requirements or are recommended for 
modification. 


In addition, during this period, the project team should conduct a final “walk-through 
inspection” of completed facilities and systems. 
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STEP 10: Conduct Final Determination of Project Readiness and Issue Safety and Security 
Certification 


Before revenue service begins, prior to completing its formal certification, the project 
team and supporting committees should review all safety and security certification 
documentation to determine if any outstanding items remain. 


Approval of certifiable elements occurs when work has been completed in conformance 
with criteria and hazards have been reduced to an acceptable level. Any remaining work- 
arounds affecting a certifiable element require a hazard management plan to be initiated 
that will analyze the hazard and control the risk to an acceptable level for a defined 
period of time. The hazard management plan must include any Category I and II hazards 
to ensure that they have been resolved or controlled to an acceptable level prior to 
entering revenue service. 


When a certifiable element is ready for certification, the Safety and Security Review 
Committee (or other designated authority) should evaluate the evidence, along with any 
restrictions and recommendations, and prepare a “Certificate of Conformance” package. 


In the event that an “Interim Request for Certificate” has been put forward, any 
subsequent certification should identify restrictions that remain on system elements under 
the request. These restrictions should be communicated to all affected departments in 
writing, and the residual risk accepted should be accepted by the designated and 
appropriate authority within the agency. 


If the Safety and Security Review Committee determines that the requirements have not 
been met, then it has the responsibility and authority to recommend to the Chief 
Executive Officer that operation of the system be delayed until the issue is resolved. 


Upon completion of all project Certificates of Conformance (with specific restrictions as 
applicable), a Final Project Safety and Security Certificate 1s prepared, signed and 
transmitted to the transit agency executive management for formal approval. A sample 
certification is presented in Figure 18 below. 
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SAFETY AND SECURITY CERTIFICATION PROGRAM 


PROJECT SAFETY AND SECURITY CERTIFICATE 
RESTRICTIONS: 


The PROJECT SAFETY AND SECURITY CERTIFICATE indicates that all safety and security 
requirements have been successfully completed and the project is certified for revenue service, 
but with any noted restrictions. 


Prepared by and Date Approved by and Date 





Figure 18: Project Safety and Security Certificate 


Prior to revenue operations, or shortly after the initiation of revenue service, the project 
team will prepare a Safety and Security Certification Verification Report. This report 
summarizes the readiness of the project for revenue service by addressing the following 
elements: 


e Executive Summary regarding Status of SSC and Restrictions 


e Description of Activities Performed for SSC 
o Design and Construction Checklists 
Integrated Testing 
Emergency Drills 
Contractual Operations and Maintenance Manuals 
Fire/Life Safety Training 
© Operations and Maintenance Training 


Oe Qi oO) ©) 


e Description of Current Certification Status 
o Signed Certificates of Conformance 
o Final Project Safety and Security Certificate 


e Recommendation of Actions Required to Mitigate or Minimize the Consequences 
of the Remaining Restrictions 


e Schedule for Eliminating Restrictions 


In some states, the Verification Report must be submitted to the State Safety Oversight 
Agency. 
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APPENDIX A: Life Cycle Definitions 


Planning — begins with research conducted into the feasibility of a project and concludes 
with the creation of a concept and the decision to develop a preliminary design. This 
phase is managed through the local transportation planning function and proceeds 
through alternative analysis and special research, environmental impact assessments, 
corridor analyses, and major investment studies. It concludes with the formal adoption of 
a locally preferred alternative and the request to enter Preliminary Engineering. 


Preliminary Engineering (PE) -- takes the project from the planning stage to a level of 
design that allows a more accurate estimate of project costs and impacts. The results of 
PE provide the basis for subsequent funding and implementation decisions. A major 
objective of PE is to investigate the merits of all configurations and designs. These 
investigations require in-depth analysis of all components, their interrelationships, and 
their costs. Environmental reviews are also performed. 


Final Design (FD) — takes the formalized concept and engineering development and 
finalizes them in the plans, specifications, and bid documents required for awarding the 
individual construction and equipment fabrication and installation contracts. 


Construction (CON) — begins with the development, fabrication, or construction of the 
engineered design for the selected alternative and concludes with the delivery of the 
completed project. This phase include the inspection, review, and checkout of the 
delivered project and concludes with the determination that the delivered project meets 
the engineering specification. 


Integrated Testing (INT-TEST) — begins with activities to identify, plan and conduct tests 
to evaluate integration of the delivered and accepted project into planned revenue 
operations. This phase concludes with verified documentation of compatibility between 
system elements. 


Pre-revenue (Interim) Operations (PRE-REV) — begins with the identification and 
performance of tests, drills, exercises, and audits designed to verify the functional 
capability and readiness of the system as a whole, and concludes with verified 
documentation of readiness for revenue operations. 


Operations (OPS) — begins with the initiation of the completed project in service and 
concludes with the determination that the project has fulfilled its service requirements 
and must be replaced or removed from operations. 
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APPENDIX B: Useful References 


29 CFR 1910.119, “Process Safety Management,” Department of Labor, OSHA, U.S. 
Government Printing Office, July 1992. 


American Public Transportation Association. Manual for the Development of Rail Transit 
System Safety Program Plans, 1999. 


Boyd, Annabelle, Patricia Maier and James Caton. 7ransit Security Handbook. 
Washington, D.C.: Federal Transit Administration, 1998. 


Boyd, Annabelle and John Sullivan. Emergency Preparedness for Transit Terrorism. 
Transit Cooperative Research Program, Synthesis Number 27, Washington, D.C-.: 
National Academy Press, 1997. 


Christensen, Wayne C. and Fred A. Manuele, Editors. Safety through Design. NSC Press, 
ISBN 0-87912-204-8, 1999. 


Clarke, Ronald, et al. Preventing Mass Transit Crimes: Prevention Studies, Criminal 
Justice Press, 1996. 


Cobb, Renee and Jerome Needles. /mproving Transit Security. Transit Cooperative 
Research Program, Synthesis Number 21, Washington, D.C.: National Academy Press, 
1997. 


Crowe, Timothy D. Crime Prevention through Environmental Design: Applications of 
Architectural Design and Space Management Concepts, Stoneham, MA: Butterworth 
Press, 1991. 


Hammer, Willie. Product Safety Management and Engineering. Second Edition, ASSE, 
ISBN 0-939874-90-3, 1993. 


MIL-STD 882-D, “System Safety Program Requirements,” February 10, 2000. 


MIL-STD 1629A, “Procedures for Performing a Failure Mode, Effects and Criticality 
Analysis,” November 1980. 


National Transit Institute. Transit Trainers’ Workshop. Session Workbook: Keeping 
Operators Safe A Comprehensive Approach, January 2001. 


Policastro, Anthony and Susanna Gordon. The Use of Technology in Preparing Subway 
Systems for Chemical/Biological Terrorism. Washington, D.C.: Department of Energy, 
May 1999. 


Raheja, Dev. Products Assurance Technologies: Principles and Practice. New York: 
McGraw Hill, Inc., 1991. 
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Roland, Harold E., Moriarty, Brian, System Safety Engineering and Management, Second 
Edition, John Wiley & Sons, Inc., 1990. 


Sullivan, John and Henry DeGeneste. Policing Transportation Facilities. Springfield, IL: 
Charles C. Thomas Press, 1994. 


System Safety Society, System Safety Analysis Handbook, 2" Edition, System Safety 
Society, Sterling, VA 1997. 


U.S. Department of Defense, Joint Software Safety Committee, Software System Safety 
Handbook, December 1999. 


U.S. General Services Administration. Balancing Security & Openness. Washington, 
D.C., November 30, 1999. 


U.S. General Services Administration. Facility Standards for the Public Building Service. 
“Chapter 8: Security.” Washington, D.C. 2001. 


Veteran’s Benefits Administration. Facility Design Guide. Washington, D.C. 1999. 


Vincohi, Jeffrey, Basic Guide to System Safety, Van Nostrand Reinhold Press, 1993. 
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APPENDIX C: Resource Guide 


The following organizations provide standards, codes and regulations commonly used to 
support this activity: 


| ee ee re Association of American Railroads 
PP VA iicsernctcotu top esneitotpantaneanatedoeianes American Public Transportation Association 
AREMA................. American Railway and Engineering and Maintenance-of-Way Association 
jc) 6] ee ee ee ee American Society of Civil Engineers 
ASHRAE ......... American Society of Heating, Refrigerating, and Air-Conditioning Engineers 
7.) | | ee eee American Society of Mechanical Engineers 
STI sssrcscncccriet acusaseencenetss eee teaceatheendaneteenstaeceenaces American Society for Testing and Materials 
BT tage ce ectep seen ese ateae sete eseesenedencesectees teste eeeenee anak Federal Highway Administration 
BF sees sane sacssesaststantanseceebabsscsenaresenomeauaeoeeepdeteossevesembeetetsoacasaesem: Federal Rail Administration 
on. eee ee ea ee ee eee eee eee eee Federal Transit Administration 
|S | See tee eee nee eee cree ane eee eer err Institute of Electrical and Electronics Engineers 
BS sae starrer ses anascearrnacnseannanienusa inuasatzes aseaueanuatesine International Standards Organization 
C3) Cees ae eer Natural Gas Vehicle Coalition 
ls ee eee eee eee National Fire Protection Association 
IES Ay es coco sec scasnsapistetsengaeanenattesextndstetanacssenoane National Highway Traffic Safety Administration 
ee rs society of Automotive Engineers 
S| BD) @ een nee ee eee en ee ee eee ee ee standards Development Organization 
CRP ag gcreeesseenceeaieceescocatetteccucarscoseteepesccarsecGaaesecestats Transit Cooperative Research Program 
Ss) ec ee ee Transit Standards Consortium 


Detailed descriptions of hazard analysis methodologies can be found in the System 
Safety Society’s System Safety Analysis Handbook (1997) and the Software System 
Safety Handbook (1999). Both handbooks are available on the System Safety Society 


Web Page: http://www.system-safety.org 


The Transportation Safety Institute (TSI) offers several courses that provide detailed 
descriptions of the hazard analysis process. Additional information on TSI courses and 
training calendar is available at www.tsi.dot.gov. 
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Additional standards are available from the following on-line sites: 


RESOURCE: The following websites provide additional information on codes, 
consensus standards, and regulations applicable to major transit projects: 


American Institute of Architects www.aia.org 
American National Standards Institute (ANSI) www.ansi.org 
American Society of Civil Engineers (ASCE) WWW.asce.org 
Building Officials and Code Administrators International www.bocai.org 
Construction Specification Institute (CSI) www.csinet.org 
Factory Mutual (FM) www.factorymutual.com 
Federal Emergency Management Administration (FEMA) www.fema.gov 
International Code Council www.intlcode.org 
International Conference of Building Officials www.icbo.org 


National Fire Protection Association Home Page www.nfpa.org 
National Institute of Standards and Technology (NIST) www.nist.gov 


Occupational Safety and Health Administration (OSHA) www.osha.gov 
southern Building Code Congress International (SBCC]) www.sbcci.org 
Transit Standards Consortium www.tsconsortium.org 
Underwriters Laboratories, Inc. (U.L.) www.ul.com 


pd =o O10] (Od Seam Mal-Mcoli cons alate milal. com oleh ae(-mlaicolgiir-licolamacter-lmellale m-t-Vee ei avmie-lialiarem-lare 
fo [-X-}fe lami r-laler-|uel-m-lalemaclerelatlant-lacer-lilelate 


National Criminal Justice Reference Service www.ncjrs.org 
National Crime Prevention Institute www.louisville.edu/a-s/ja/menu.html 
National Crime Prevention Council www.ncpc.org 
Transportation Safety Institute www.tsi.dot.gov 
Maryland Community Crime Prevention Institute www.dpscs.state.md.us/pct/ccpi/ 
American Society for Industrial Security www.asisonline.org 
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APPENDIX D: Sample Design and 
Construction Specification Conformance 
Form and Directions 


(Form and Directions Begin on Next Page] 
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